IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
4,818 Commits 11 Branches 60 Tags
96390ca3e5f9fb89fe930e62dbd267a2de0af1d1
Commit Graph

20 Commits

Author SHA1 Message Date
Simo Sorce
0c6e047128 ipa-kdb: set krblastpwdchange only when keys have been effectively changed 2012-02-15 04:51:15 -05:00
Simo Sorce
c3c59ce15c ipa-kdb: Avoid lookup on modify if possible 
This avoids one useless search if we already have the entry_dn.
 2012-02-15 04:50:57 -05:00
Simo Sorce
651f932473 ipa-kdb: add AS auditing support 
Fixes: https://fedorahosted.org/freeipa/ticket/2334
 2012-02-14 18:03:45 -05:00
Simo Sorce
e727dc50cc ipa-kdb: fix free() of uninitialized var 2011-11-29 16:08:59 -05:00
Simo Sorce
18537d55a7 Add support for generating PAC for AS requests for user principals 2011-11-07 14:25:07 -05:00
Simo Sorce
8cc402206a Fix CID 11025: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
ea10ad1851 Fix CID 11024: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
bc3fb1b3a0 Fix CID 11023: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
a49cf51ee2 Fix CID 11022: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
f28ab8351f ipa-kdb: Fix legacy password hashes generation 
We were not searching for objectclass so the test to se if a user had the
posixAccount attribute was failing and the user was not marked as ipa_user.
This in turn caused us to not synchronize legacy hashes by not trying to store
the userPassword attribute.

Fixes: https://fedorahosted.org/freeipa/ticket/1820
 2011-10-06 12:15:05 -04:00
Simo Sorce
dfc704de25 ipa-kdb: Fix expiration time calculation 
Expiration time should be enforced as per policy only for users and only when a
password change occurs, ina ll other cases we should just let kadmin decide
whther it is going to set a password expiration time or just leave it empty.

In general service tickts have strong random passwords so they do not need a
password policy or expiration at all.

https://fedorahosted.org/freeipa/ticket/1839
 2011-09-26 10:07:11 +02:00
Simo Sorce
4167ad01d7 ipa-kdb: Properly set password expiration time. 
We do the policy check so we are the only one that can calculate the new
pwd espiration time.

Fixes: https://fedorahosted.org/freeipa/ticket/1793
 2011-09-19 12:28:35 -04:00
Simo Sorce
0d048d7b49 ipa-kdb: add password policy support 
Use default policy for new principals created by kadmin
 2011-08-26 08:24:50 -04:00
Simo Sorce
452fcdccdc ipa-kdb: implement change_pwd function 2011-08-26 08:24:49 -04:00
Simo Sorce
0a4f7960b9 ipa-kdb: Get/Store Master Key directly from LDAP 2011-08-26 08:24:49 -04:00
Simo Sorce
e9e426354f ipa-kdb: add functions to change principals 2011-08-26 08:24:49 -04:00
Simo Sorce
d25370a579 ipa-kdb: add function to iterate over principals 2011-08-26 08:24:49 -04:00
Simo Sorce
2f8caeab48 ipa-kdb: add functions to delete principals 2011-08-26 08:24:49 -04:00
Simo Sorce
8d5c67a9f8 ipa-kdb: add function to free principals 2011-08-26 08:24:49 -04:00
Simo Sorce
abd424889b ipa-kdb: functions to get principal 2011-08-26 08:24:49 -04:00